| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| services.yggdrasil.openMulticastPort | Whether to open the UDP port used for multicast peer discovery
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| networking.firewall.interfaces | Interface-specific open ports.
|
| services.oauth2-proxy.tls.httpsAddress | addr:port to listen on for HTTPS clients
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| networking.wireguard.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| networking.wireguard.interfaces.<name>.allowedIPsAsRoutes | Determines whether to add allowed IPs as routes or not.
|
| networking.interfaces.<name>.name | Name of the interface.
|
| boot.uki.name | Name of the UKI
|
| networking.vswitches.<name>.interfaces.<name>.name | Name of the interface
|
| networking.wireguard.interfaces.<name>.peers.*.name | Name used to derive peer unit name.
|
| users.users.<name>.name | The name of the user account
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| users.groups.<name>.name | The name of the group
|
| services.firewalld.zones.<name>.sourcePorts.*.port | |
| networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| networking.interfaces.<name>.mtu | MTU size for packets leaving the interface
|
| services.firewalld.zones.<name>.forwardPorts.*.port | |
| users.extraUsers.<name>.name | The name of the user account
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| system.name | The name of the system used in the system.build.toplevel derivation
|
| networking.vswitches.<name>.interfaces.<name>.vlan | Vlan tag to apply to interface
|
| networking.vswitches.<name>.interfaces.<name>.type | Openvswitch type to assign to interface
|
| services.firewalld.zones.<name>.forwardPorts.*.to-addr | Destination IP address.
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| networking.wg-quick.interfaces.<name>.dns | The IP addresses of DNS servers to configure.
|
| networking.wg-quick.interfaces.<name>.preUp | Commands called at the start of the interface setup.
|
| networking.wg-quick.interfaces.<name>.listenPort | 16-bit port for listening
|
| networking.interfaces.<name>.virtualType | The type of interface to create
|
| networking.wg-quick.interfaces.<name>.type | The type of the interface
|
| networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| services.firewalld.services.<name>.sourcePorts | Source ports for the service.
|
| networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| networking.wg-quick.interfaces.<name>.mtu | If not specified, the MTU is automatically determined
from the endpoint addresses or the system default route, which is usually
a sane choice
|
| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| users.extraGroups.<name>.name | The name of the group
|
| networking.wg-quick.interfaces.<name>.postDown | Command called after the interface is taken down.
|
| services.firewalld.services.<name>.sourcePorts.*.port | |
| networking.interfaces.<name>.wakeOnLan.enable | Whether to enable wol on this interface.
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| services.firewalld.zones.<name>.sourcePorts.*.protocol | |
| networking.interfaces.<name>.ipv6.routes | List of extra IPv6 static routes that will be assigned to the interface.
|
| networking.interfaces.<name>.ipv4.routes.*.via | IPv4 address of the next hop.
|
| networking.interfaces.<name>.ipv6.routes.*.via | IPv6 address of the next hop.
|
| networking.wg-quick.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| networking.interfaces.<name>.virtual | Whether this interface is virtual and should be created by tunctl
|
| networking.wg-quick.interfaces.<name>.address | The IP addresses of the interface.
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| services.firewalld.zones.<name>.forwardPorts.*.protocol | |
| networking.interfaces.<name>.wakeOnLan.policy | The Wake-on-LAN policy
to set for the device
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| networking.nftables.tables.<name>.name | Table name.
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| services.nylon.<name>.name | The name of this nylon instance.
|
| systemd.units.<name>.name | The name of this systemd unit, including its extension
|
| systemd.paths.<name>.name | The name of this systemd unit, including its extension
|
| networking.wg-quick.interfaces.<name>.configFile | wg-quick .conf file, describing the interface
|
| networking.interfaces.<name>.virtualOwner | In case of a virtual device, the user who owns it.
null will not set owner, allowing access to any user.
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.wg-quick.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| networking.wireguard.interfaces.<name>.listenPort | 16-bit port for listening
|
| networking.wireguard.interfaces.<name>.ips | The IP addresses of the interface.
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.firewalld.zones.<name>.interfaces | Interfaces to bind.
|
| networking.wg-quick.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| networking.vswitches.<name>.interfaces | The physical network interfaces connected by the vSwitch.
|
| networking.wireguard.interfaces.<name>.type | The type of the interface
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| networking.interfaces.<name>.ipv4.routes.*.address | IPv4 address of the network.
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| services.bind.zones.<name>.name | Name of the zone.
|
| networking.wireguard.interfaces.<name>.peers | Peers linked to the interface.
|
| systemd.user.units.<name>.name | The name of this systemd unit, including its extension
|
| systemd.user.paths.<name>.name | The name of this systemd unit, including its extension
|
| networking.wg-quick.interfaces.<name>.autostart | Whether to bring up this interface automatically during boot.
|
| services.pppd.peers.<name>.name | Name of the PPP peer.
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| networking.interfaces.<name>.ipv6.addresses | List of IPv6 addresses that will be statically assigned to the interface.
|
| networking.interfaces.<name>.ipv4.addresses | List of IPv4 addresses that will be statically assigned to the interface.
|
| networking.wireguard.interfaces.<name>.preSetup | Commands called at the start of the interface setup.
|
| systemd.timers.<name>.name | The name of this systemd unit, including its extension
|
| systemd.slices.<name>.name | The name of this systemd unit, including its extension
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| networking.wireguard.interfaces.<name>.metric | Set the metric of routes related to this Wireguard interface.
|
| networking.interfaces.<name>.ipv4.routes.*.options | Other route options
|
| networking.interfaces.<name>.ipv6.routes.*.options | Other route options
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| networking.interfaces.<name>.ipv4.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (24).
|
| networking.interfaces.<name>.ipv6.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (64).
|
| image.repart.name | Name of the image
|
| systemd.user.slices.<name>.name | The name of this systemd unit, including its extension
|